From 70e5fd877890489a3972bf8bf50bfec1fca3875e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 25 Feb 2015 11:30:43 +0000 Subject: [PATCH] Fix bug in s_client. Previously default verify locations would only be loaded if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by: Richard Levitte --- apps/s_client.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index c02ed3c0e5..cdea32280c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1352,13 +1352,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download); -- 2.40.0